Re: Package verification and "/usr/bin/install" tool replacements

2003-10-16 Thread Matt Zimmerman
On Sat, Oct 04, 2003 at 04:39:49AM +1000, Kim Lester wrote: > Some of the ideas I have implemented include a "pkg info" file in each > package > containing the > pathname > uid, gid (numeric) > md5sum, > size (useful to humans) > mode > symlink target (for syml

Re: Package verification

2003-10-08 Thread Josef Spillner
On Wednesday 08 October 2003 09:04, Andreas Metzler wrote: > 'chown -R ...' accidentally excuted in the wrong directory comes to > my mind. Or filesystem corruption after a hard crash. But then not only files from packages, but also user files are subject of corruption. Using a tool like integrit

Re: Package verification

2003-10-08 Thread Andreas Metzler
Matthew Palmer <[EMAIL PROTECTED]> wrote: > On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote: >> There is no way to verify/correct the MODE, USER, GROUP, TYPE >> of any files installed in a pkg. >> If I am wrong please point out where, with an installed pkg >> (and preferably without hav

Re: Package verification

2003-10-07 Thread Matthew Palmer
On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote: > There is no way to verify/correct the MODE, USER, GROUP, TYPE > of any files installed in a pkg. > If I am wrong please point out where, with an installed pkg > (and preferably without having a copy of the .dpkg around) > once can tell

Re: Package verification

2003-10-07 Thread Steve Kemp
On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote: > There is no way to verify/correct the MODE, USER, GROUP, TYPE > of any files installed in a pkg. That appears to be the case, partly because permissions may be changed from those files which are contained withing the .deb file via t

RE: Package verification

2003-10-07 Thread Kim Lester
rds kim > -Original Message- > From: Brian May [mailto:[EMAIL PROTECTED] > Sent: Sunday, October 05, 2003 9:39 AM > To: Fabien Ninoles > Cc: Kim Lester; debian-devel@lists.debian.org > Subject: Re: Package verification and "/usr/bin/install" tool > replaceme

Package verification ? (Best practice)

2003-10-05 Thread Osamu Aoki
Hmmm... On Sun, Oct 05, 2003 at 09:38:30AM +1000, Brian May wrote: > On Sat, Oct 04, 2003 at 01:42:36PM -0400, Fabien Ninoles wrote: > > Although your proposition seems more complete, have you try > > debsums and checksecurity? debsums with the following > > feature in /etc/apt/apt.conf > > > >

Re: Package verification and "/usr/bin/install" tool replacements

2003-10-04 Thread Brian May
On Sat, Oct 04, 2003 at 01:42:36PM -0400, Fabien Ninoles wrote: > Although your proposition seems more complete, have you try > debsums and checksecurity? debsums with the following > feature in /etc/apt/apt.conf > > DPkg::Post-Invoke { > "debsums --generate=nocheck -sp /var/cache/apt/arc

Re: Package verification and "/usr/bin/install" tool replacements

2003-10-04 Thread Fabien Ninoles
Kim Lester wrote: Although debian packages may contain md5sums it seems package verification is not available (unless I have missed something). Although your proposition seems more complete, have you try debsums and checksecurity? debsums with the following feature in /etc/apt/apt.conf DPkg

RE: Package verification and "/usr/bin/install" tool replacements

2003-10-04 Thread Kim Lester
this latter group My solution does. regards kim > -Original Message- > From: Rene Engelhard [mailto:[EMAIL PROTECTED] > Sent: Saturday, October 04, 2003 5:45 AM > To: debian-devel@lists.debian.org > Subject: Re: Package verification and "/usr/bin/install"

Re: Package verification and "/usr/bin/install" tool replacements

2003-10-03 Thread Rene Engelhard
Hi, Kim Lester wrote: > Although debian packages may contain md5sums it seems package > verification is > not available (unless I have missed something). Probably you missed debsums... Grüße/Regards, René -- .''`. René Engelhard -- Debian GNU/Linux Developer : :'

Package verification and "/usr/bin/install" tool replacements

2003-10-03 Thread Kim Lester
Although debian packages may contain md5sums it seems package verification is not available (unless I have missed something). Also I find the traditional /usr/bin/install type tools rather primitive. As I understand it a debian pkg relies on information in the tar archive itself to store this

Re: New Source Formats and Source Package Verification

1997-05-14 Thread Kai Henningsen
[EMAIL PROTECTED] (Manoj Srivastava) wrote on 13.05.97 in <[EMAIL PROTECTED]>: > Or, thirdly, we use pristine sources iff they are in supported > formats, or else the upstream source is massaged into a supported > format, and BIG signs are posted pointing to the real sources and the > st

Re: New Source Formats and Source Package Verification

1997-05-14 Thread Bdale Garbee
In article <[EMAIL PROTECTED]> you wrote: : BTW: Do you know anybody who really needs to put all the tools needed : to build source packages onto floppies? :-) Yes, I do. A friend has an older laptop that has a floppy drive, and that's his only current path of getting bits in and out. He may

Re: New Source Formats and Source Package Verification

1997-05-13 Thread Manoj Srivastava
Hi, >>"Jim" == Jim Pick <[EMAIL PROTECTED]> writes: >> Might it be possible to, say, have a list of `supported formats' -- >> .tar.gz, .zip, others? -- and at least give the option of >> downloading upstream sources which were originally in other formats >> as a tarball? This is far from ideal, fo

Re: New Source Formats and Source Package Verification

1997-05-13 Thread Jim Pick
> How about where part of the upstream archive could go into the main > distribution, but part needs to go into non-free or non-US, even for the > sources? > > That's a case where you _must_ repack the original archive. > > > MfG Kai No. I'd just say upload the upstream sources to the non

Re: New Source Formats and Source Package Verification

1997-05-13 Thread Kai Henningsen
[EMAIL PROTECTED] (Andy Mortimer) wrote on 13.05.97 in <[EMAIL PROTECTED]>: > On May 12, Jim Pick wrote > > > > Excellent write-up, Klee. Thanks for doing it. > > I second this; a lot of thought has obviously gone into this, and it > shows! Me too! > > > * [1.1] It must be possible to recon

Re: New Source Formats and Source Package Verification

1997-05-13 Thread Jim Pick
> > Please clarify - unpacking a Debian source package is different > > than unpacking an upstream source package (which may require tar, > > unzip, zoo, lha, jar, etc.). Right? Andy Mortimer wrote: > Personally, I'd be inclined to disagree here, especially given [1.5] > below. If I've gone to

Re: New Source Formats and Source Package Verification

1997-05-13 Thread Andy Mortimer
July first. > > If source packages were just a specialized format of the binary package > format - they could be handled the same way, and using the same tools. > Ask Guy which part of the tree is more consistant and easier to handle > - the source code part or the binary packages p

Re: Package Verification

1995-12-19 Thread Bruce Perens
I'd rather avoid the sum(1) checksum, because there are two implementations of sum(1), the BSD and SYSV, that output different checksums for the same data. Too many people will get confused when they see the wrong sum. Bruce  -- Bruce Perens <[EMAIL PROTECTED]> Pixar Animation Studios

Re: Package Verification

1995-12-19 Thread Bill Mitchell
Bruce said, regarding Packages file info: > I think a field with the size _and_ MD5 checksum on the same line would > be helpful. We don't collect this information anywhere else, to my knowledge. The sum(1) checksum might also be useful. I know that sum(1) has been characterized here as "totally

Re: Package Verification

1995-12-19 Thread Bruce Perens
From: Ian Jackson <[EMAIL PROTECTED]> > I suppose we could put the file size in the Packages file; it just > might get a bit cluttered with all of this information. What do > people feel about this ? I think a field with the size _and_ MD5 checksum on the same line would be helpful. We don't coll

Re: Package Verification

1995-12-19 Thread Ian Jackson
brian white writes ("Re: Package Verification "): > This is fine, but it doesn't help with verifying packages on > non-Debian systems as is required by people who must do an actual FTP > >from another machine. As for the format, feel free to alter it. I > figure

Re: Package Verification

1995-12-18 Thread brian (b.c.) white
e: >> checksum: d14d384e0895986bc9f2b09f0a8b84fc (295393) >> >> The reason for this is so programs like 'dftp' can verify that they >> retrieved the packages correctly before attempting to install them. > >Eventually dpkg will have its own support for package

Re: Package Verification

1995-12-15 Thread Ian Jackson
brian white writes ("Package Verification "): > I'd like to suggest another field to be automatically added to the > "Packages" files that exist at the top of each hierarchy in the > distribution. I'd like to see a "Checksum:" field that can

Package Verification

1995-12-10 Thread brian (b.c.) white
I'd like to suggest another field to be automatically added to the "Packages" files that exist at the top of each hierarchy in the distribution. I'd like to see a "Checksum:" field that can be used to verify the correct download of these packages. I think including both an 'md5sum' and a (filesiz